Third-party access to a network system is typically accomplished by an intermediary entity initially calling into the network system to request access on behalf of the third-party entity. While the intermediary entity is typically a “trusted caller,” meaning it has been properly authenticated by the network system, the third-party entity is not considered a “trusted caller” by the network system, since the third-party entity is known to and authenticated by the intermediary but not by the network system.
As a conventional means of authenticating third-party entities desiring access to network systems via an intermediary entity, the intermediary entity authenticates the third-party entity and generates a token which provides the third-party entity the ability to access the network system upon presentation of the token.
However, hijacking of tokens is common in communication networks and allows unauthorized entities to gain access to network systems. One such example of malicious use of tokens is Cross-Site Request Forgery (CSRF), also referred to as a one-click attack or session riding, in which unauthorized commands are seemingly transmitted from a trusted user to a network entity (e.g., a website). The proliferation of token hijacking and other authentication spoofing techniques means that the network entity cannot infer that the entities, especially third-party entities, are who they purport to be.
Therefore, a need exists to develop methods, systems, computer program products and the like which provide for secure third-party authentication, such that network systems (e.g., websites or the like) can only be accessed by third-party entities that have been provided authorization to access the network system. In addition, the network system can be assured that the third-party entity accessing the network system is, in fact, who they purport to be.